I am pretty new to the framework, but from what I have done/seen so far I have to say it looks FanTastic!! I managed to build a lovely little basic web app and it took me hardly any time atall.!
Anyway, I have just started a reasonably large project and I have (what is probably quite a fundamental) question about User's and UserIdentity. In the site there are going to be two rather different types of User, with 2 separate User tables.
How would I be suggested to Model this. I was thinking of simply having a setState("userType") in the UserIdentity but I'm not sure if this will cause things to be untidy later on. I expect there is a better way. Perhaps I should have different UserIdentity objects for the two user types?
First, you definitely need two AR classes to represent the user tables.
Second, you can use the same UserIdentity or different identity classes, depending on how you would perform the authentication.
Yes, you would need some flag to tell which type the current user is. Saving this flag in setState('userType') should be fine. You would be able to access this flag via Yii::app()->user->userType, then.
In this case I would suggest you do not use user ID alone to perform RBAC. Instead, you may use a string like "userID@tableName" to identify a user in RBAC. The userid in RBAC does not need to be an integer.
I wonder though if I can get away with having the 2 user types without RBAC.
When defining the access control filter for example, I could maybe set the ‘expression’ to be some expression which returns true if the user is of the correct type ?